Data is Code, and Data--Code

Let me reveal something: I've been in IT for more than two decades. I increasingly miss the discipline of older IT systems (and those who managed them). Sure, joke about COBOL code--until you realize it still handles many financial transactions in many large companies. Remember the days before IT cowboys, who ride their rebooted systems so often they look like a bad rodeo rider about to fall?

Imagine systems so resilient, so robust, that people forget the IPL, er, reboot commands.

At one time, there was a serious and determined division between code and data. Today, the most routine visit to a website can provide a redirect, a bit o' Javascript, that can compromise your browser and computer system.

It is the intermingling of Code and Data that has me determined to go 'Slash & Burn' with my Internet systems. To you, it's a word processor document--Data. To the attacker? It is a series of macro extensions that can dupe you into running commands. To you, it is a DATAbase, a series of DATA tables, views, etc. To the attacker? Stored procedures, like xp_cmdshell, allow lots of privileged access if secured poorly.

I've always wanted to emulate Keats. But let's be realistic. Grecian Urns? That whole Beauty & Truth thingie just don't apply no more in todaze so-sigh-ity. Instead, we need to reflect on the disappearing dichotomy between Data and Code.